You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches?
a. Log analysis
b. Access control lists
c. Network segmentation
d. Proper VLAN management
Answer: D
VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch. Answer A is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access while limiting that access to only what is required. Answer C is incorrect because network segmentation is used for interconnected networks where a compromised system on one network can easily threaten machines on other network segments.
Learn More:
Educating and Protecting the User
- You have recently had security breaches in the network. You suspect they might be coming from a telecommuter's home network. Which of the following devices would you use to require a secure method for employees to access corporate resources while working from home?
- Which concept does the Bell-LaPadula model deal most accurately with?
- Which of the following is the best description of shoulder surfing?
- at.allow is an access control that allows only specific users to use the service. What is at.deny?
- Which of the following is the highest classification level in the government?
- When you combine phishing with Voice over IP, it is known as:
- Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information?
- Users should be educated in the correct way to close pop-up ads in the workplace. That method is to:
- What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?
- An NDA (nondisclosure agreement) is typically signed by?
- Which of the following is the best description of tailgating?
- Which of the following actions would not be allowed in the Bell-LaPadula model?
- ____ information is made available to either large public or specific individuals, while ______ information is intended for only those internal to the organization.
- There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service and is known as:
- The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all except:
- Which of the following is another name for social engineering?
- For which U.S. organization was the Bell-LaPadula model designed?
- The Cyberspace Security Enhancement Act gives law enforcement the right to:
- You've recently been hired by ACME to do a security audit. The managers of this company feel that their current security measures are inadequate. Which information access control model prevents users from writing information down to a lower level of security and prevents users from reading above their level of security?
- Which classification of information designates that information can be released on a restricted basis to outside organizations?
- As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?